AD Password reset off the network

[Phil Shulman]

We have a Windows 2003 AD Domain. Several of our users work from their
residences and are remote only users. They have a cached AD password for
their login and connect to our network via a VPN.

Every once in a while, one of the users forgets their password. We usually
have the user send their laptop in and connect it up to the network, then
reset their password. Is their any way to delete or reset a cached AD
password without having to ship the laptop to us?

 

[Steven L Umbach]

I have never heard of a way and I don't believe there is a way to do such.
Tell users to write down their password and store it in a safe place away
from their laptop in case such situations arise. If you start charging users
for the cost of sending in their laptop and the word gets around most likely
your problem will disappear. --- Steve

 

[Guest]

I could suggest setting the laptop up so that it auto-logs on with a local
user-account. In this case the user need not know the local password so long
as it's non-expiring. (or you can make it a shared common password) They then
connect to the domain with a 'real' password once the VPN is connected.
Advantage is that Admins are free to change this password as required, and no
changes are needed on the laptop, other than the user knowing about the new
password.

At the risk of being accused of peddling my wares <g> MyLogon handles this
kind of situation nicely. The documentation explains how to set it up to
activate a VPN connection as part of the logon process.

http://mylogon.net